Cisco Systems UBR924 Additional Documentation

3-15

CiscouBR924 Software Configuration Guide

OL-0337-05 (8/2002)

Chapter3 Advanced Data-Only Configurations

IPSec (56-bit) Example

no service finger

!

access-list 200 permit ip host 10.1.0.25 30.1.1.0 0.0.0.255

!

line con 0

exec-timeout 0 0

transport input none

line vty 0 4

login

!

end

Note The above configuration assumes that the DHCP server assigns an IP address to the cable interface that

is in the class A private network (10.0.0.0).

Additional Documentation

Establishing IPSec encryption between two or more end-points requires a thorough underst anding of the

Internet Key Exchange (IKE) mechanism, which is a form of the ISAKMP/Oakley (Inter net Security

Association Key Management Protocol) that is used for IPSec encryption. Digital certificates must also

be understood if this mechanism is going to be used for authentication. Finally, if IPSec will be used as

part of a virtual private network (VPN), those concepts must be und erstood as well.

For general information on these subjects, see the following information in the product literature and IP

technical tips sections on CCO:

•Deploying IPSec—Provides an overview of IPSec encryption and its key concepts, along with

sample configurations. Also provides a link to many other documents on relate d topics.

•Certificate Authority Support for IP Sec Overview—Describes the concept of digital certificates and

how they are used to authenticate IPSec users.

•An Introduction to IP Security (IPSec) Encryption—Provides a step-by-step description of how to

configure IPSec encryption.

The following technical documents, available on CCO and the Documentation CD-ROM, also provide

more in-depth configuration information:

•Cisco IOS Release 12.1 Security Configuration Guide—Provides an overview of Cisco IOS security

features.

•Cisco IOS Release 12.0 Security Command Reference—Provides a reference for each of the

CiscoIOS commands used to configure IPSec encryption and related security features.

•Cisco IOS Software Release 12.1 Command Summary—Summarizes the Cisco IOS commands used

to configure all Release12.0 security features.

Note Additional documentation on IPSec becomes available on CCO and the Documentation CD-ROM as new

features and platforms are added.

Contents

Main Cisco uBR924 Cable Access Router Software Configuration Guide Page CONTENTS Page Page Page Preface Audience Purpose Organization Document Conventions Page x loss of data. this guide. paragraph. Acronyms and Terms Related Documentation Cisco uBR924 Cable Access Router CMTS Hardware Installation Publications Cisco IOS Publications Configuration Editor and Network Management Publications Subscriber Publications Obtaining Documentation World Wide Web Documentation CD-ROM Ordering Documentation Obtaining Technical Assistance Technical Assistance Center Documentation Feedback Page Overview Cisco IOS Software Release Feature Sets Base IP DOCSIS-Compliant Bridging Home Office (Easy IP) Value Telecommuter Performance Telecommuter Value Small and Branch Office Performance Small and Branch Office Feature Descriptions Cable Monitor Web Diagnostics Tool Cisco Cable Clock Card Support Cisco IOS Firewall DOCSIS-Compliant Bridging DOCSIS Baseline Privacy Interface Dynamic Host Configuration Protocol Server Dynamic Host Configuration Protocol Proxy Support Enhanced IP Bridging Ecosystem Gatekeeper Interoperability Enhancements Fax over IP H.323v2 (Gateway/Gatekeeper) IP Address Negotiation IPsec Network Security Layer 2 Tunneling Protocol Media Gateway Control Protocol V12.1.3T NetRanger SupportCisco IOS Intrusion Detection Network Address Translation and Port Address Translation Network Address Translation Support for NetMeeting Directory (Internet Locator Service) Quality of Service Quality of ServiceDOCSIS 1.0+ Extensions Routing Information Protocol Version 2 Secure Shell Version 1 Simple Gateway Control Protocol Triple Data Encryption Standard VPN IPsec EnhancementDynamic Crypto Map Initial Provisioning Supporting Multiple Classes of Service DOCSIS 1.0 Static Profiles DOCSIS 1.0+ and 1.1 Dynamic Profiles Creating Multiple Profiles User Registrar Modem Registrar Cisco Network Registrar Access Registrar Page DOCSIS-Bridging Configuration DHCP Server Configuration DOCSIS Configuration File Page Page Cisco IOS Software Image Cisco IOS Configuration File Using the Vendor-Specific Information Field 2-8 Sample Configuration for DOCSIS-Compliant Bridging This configuration shows the following requirements for DOCSIS-compliant br idging: Configuring the Attached CPE Devices Reconfiguring DOCSIS-Compliant Bridging Page Advanced Data-Only Configurations Data-Only Routing Page Routing with DHCP Server 3-5 NAT/PAT Configuration Page NAT/PAT Configuration with DHCP Proxy Page Using NAT and DHCP Proxy and Copying Configuration Files IPSec (56-bit) Example Page Sample Configuration 3-14 56-bit DES-CBC encryption (the default) MD5 (HMAC variant) hash algorithm Pre-shared authentication keys 768-bit Diffie-Hellman group (the default) Additional Documentation IPSec (3DES) Example L2TP Example Page 3-19 Page Voice over IP Configurations Overview Introduction Page Voice Handling Quality of Service Support H.323v2 Protocol SGCP and MGCP Protocol Stack H.323v2 Static Bridging Configuration Page 4-9 H.323v2 Static Routing Configuration 4-11 routing mode. H.323v2 Dynamic Mapping Configuration Note The Cisco uBR924 router can use H.323v2 dynamic mapping in either DOCSIS-bridging mode or Page Page Page SGCP Configuration Page 4-17 MGCP Configuration Page 4-20 Command Purpose Step22 uBR924# copy running-config startup-config Step23 uBR924# show startup-config Display the configuration file that was just created. Building configuration... 4-21 Page A Using Cisco IOS Software Accessing the Routers Command-Line Interface Connecting Using Telnet Connecting to the Console Port Understanding the Command-Line Interface Command Modes User EXEC Mode Privileged EXEC Mode Global Configuration Mode Interface Configuration Mode Context-Sensitive Help Command History Features Displaying the Command History Editing Previous Commands Command History Buffer Size Using Output Modifiers Understanding Cisco IOS Configuration Files Downloading the Configuration File Startup and Run-Time Configuration Files Displaying the Configuration Files File Format Useful Commands Page B Using the Cable Monitor Tool Enabling the Cable Monitor Configuration Modes Security Considerations Disabling the Cable Monitor Accessing the Cable Monitor Through the Cable Interface when the Cable Interface is Operational Through the Ethernet Interface when the Cable Interface is Not Operational Sample Pages Page Home Page Page Initialization Information Page Page Voice Ports Information Page CPE State Information Page Cable Interface Information Page Performance Information Page Debug Information Page Page C Using the ROM Monitor Entering the ROM Monitor Command Conventions Commands Page Page Page Page D New and Changed Commands Reference Commands Reserved for DOCSIS Use Page INDEX Symbols Numerics A D E F G H I L O P Q R U V